Question

The issue is that we have a website on a standalone webserver (Windows 2003 SP2 - Machine name is TESTAPP which can be seen in the log below) which uses TransactionScope.

The SQL Server 2008 R2 machine (Windows Server 2008) is within a domain.

When the standalone machine hits the TransactionScope it fails (error details will ensue).

When I run the code from a machine in the same domain as the DB server it works fine.

On the standalone machine I get the ubiquitous error of:

Error HRESULT E_FAIL has been returned from a call to a COM component.

However MSDTC is set up correctly, it uses Network Service by the way. DTCPing.exe works fine both ways.

Upon digging into the DB machine I found the following Audit Failure:

An account failed to log on.

Subject:
Security ID:        NULL SID
Account Name:       -
Account Domain:     -
Logon ID:       0x0

Logon Type:         3

Account For Which Logon Failed:
Security ID:        NULL SID
Account Name:       TESTAPP$
Account Domain:     WORKGROUP

Failure Information:
Failure Reason:     Unknown user name or bad password.
Status:         0xc000006d
Sub Status:     0xc0000064

Network Information:
Workstation Name:   TESTAPP
Source Network Address: 192.168.**.**
Source Port:        1202

The standalone machine is trying to log on to the SQL Server machine using its own machine name, god knows what it is using as a password.

Therefore is it possible to get MSDTC to work from a standalone machine to a domain machine?

P.S. If possible (if there is another way) I don't want to affect 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\TurnOffRpcSecurity' registry key.

P.P.S. If possible I'd like to keep Mutual Authentication Required on MSDTC, (I'm aware that a possible solution is to set MSDTC to require No Authentication, but am not sure if this is totally necessary)

The weird thing about it is using a test standalone web server to domain DB server MSDTC is working fine whether set to No Authentication or Mutual Authentication! :S

P.P.S. Firewalls are off on both machines.
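
As an added example (not part of the original question or its answers), the audit failure quoted above can be triaged by decoding its Logon Type, Status and Sub Status fields. The function names and the trimmed sample text are constructed for illustration; the NTSTATUS and logon-type meanings are the standard Windows ones.

```python
import re

# NTSTATUS values that commonly appear in failed-logon audit events.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE (bad user name or authentication information)",
    0xC0000064: "STATUS_NO_SUCH_USER (account name does not exist)",
    0xC000006A: "STATUS_WRONG_PASSWORD (account exists, password is wrong)",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 10: "RemoteInteractive"}

# Constructed sample: the relevant fields of the audit failure quoted in the question.
SAMPLE_EVENT = """\
Logon Type:         3
Account For Which Logon Failed:
Account Name:       TESTAPP$
Account Domain:     WORKGROUP
Failure Information:
Failure Reason:     Unknown user name or bad password.
Status:         0xc000006d
Sub Status:     0xc0000064
"""

def parse_event(text):
    """Return {field: value} for 'Name: value' lines; the last occurrence of a name wins."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s+(\S.*)$", line)
        if m:  # section headers such as 'Failure Information:' carry no value and are skipped
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def triage(text):
    f = parse_event(text)
    account = f.get("Account Name", "")
    sub = int(f.get("Sub Status", "0"), 16)
    return {
        "logon_type": LOGON_TYPES.get(int(f.get("Logon Type", "0")), "Unknown"),
        "account": f.get("Account Domain", "") + "\\" + account,
        "status": NTSTATUS.get(int(f.get("Status", "0"), 16), "unmapped"),
        "sub_status": NTSTATUS.get(sub, "unmapped"),
        "machine_account": account.endswith("$"),
        # Computer account presented over the network that the server cannot find.
        "unknown_machine_identity": account.endswith("$") and sub == 0xC0000064,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENT).items():
        print(f"{key}: {value}")
```

For the event in the question this reports a network logon by the computer account `WORKGROUP\TESTAPP$` rejected with a sub status meaning the account does not exist, rather than a wrong password.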


Solution

Gah, if only I'd tried setting up a test using a duplication of the live system earlier etc etc...

As soon as I turned off Mutual Authentication and set it to No Authentication it worked like a charm.

P.S. No Auth isn't much of a security hole in an environment that doesn't open up the MSDTC machines/ports to the outside world. See potential risks of using unsecure rpc no authentication required setting in msdtc security configuration

OTHER TIPS

You can use just one connection object across Data Access Methods. That way MSDTC is never triggered. I had a similar experience but did not have access to adjust the SQL server. Using a singleton pattern, I created the Data Connection and used the same connection object within a transaction across several method calls.

Licensed under: CC-BY-SA with attribution